h3c防火墻如何設置adsl
想要用h3c防火墻去設置adsl,該怎么辦呢?下面由學習啦小編給你做出詳細的h3c防火墻設置adsl方法介紹!希望對你有幫助!
h3c防火墻設置adsl方法一:
1. firewall packet-filter default permit 更改默認包過濾規(guī)則為允許
2.就是你的d0端口下的配置問題。是否正確如下
interface Dialer1
link-protocol ppp
ppp pap local-user ADSL用戶名password simple密碼
mtu 1492
tcp mss 1200
ip address ppp-negotiate
dialer user mypppoe
dialer-group 1
dialer bundle 1
nat outbound 3100
3.物理端口綁定錯誤。如下:
#
interface Ethernet0/4
pppoe-client dial-bundle-number 1
4.d0口要加入到安全域里。我估計你是這個問題。
#
firewall zone untrust
add interface Ethernet0/4
add interface Dialer0
h3c防火墻設置adsl方法二:
首先創(chuàng)建一個撥號連接接口、封裝一下協(xié)議、然后設置用戶名和密碼,如下:
撥號連接接口為dialer1,撥號的用戶名為:uesr1,密碼為:abc123.
interface Dialer1
link-protocol ppp
ppp chap user user1
ppp chap password cipher abc123
ppp pap local-user user1 password cipher abc123
ip address ppp-negotiate
dialer user user1
dialer-group 1
dialer bundle 1
然后把撥號連接口應用在路由器的外網(wǎng)端口上面:
interface GigabitEthernet0/1
pppoe-client dial-bundle-number 1
然后寫一條默認路由指向撥號連接口出去:
ip route-static 0.0.0.0 0.0.0.0 Dialer1
h3c防火墻設置adsl方法三:
#
sysname H3C
#
ike local-name NO_3
#
firewall packet-filter enable
firewall packet-filter default permit
#
insulate
#
dialer-rule 1 ip permit
#
firewall statistic system enable
#
radius scheme system
server-type extended
#
domain system
#
local-user admin
password simple admin
service-type telnet
level 3
#
ike peer 1
exchange-mode aggressive
pre-shared-key h3c123
id-type name
remote-name CENTER
remote-address X.X.X.X
nat traversal
#
ipsec proposal 1
#
ipsec policy 1 isakmp
security acl 3000
ike-peer 1
proposal 1
#
acl number 3000
rule 0 permit ip source 172.16.0.0 0.0.255.255 destination 192.168.0.0 0.0.255.255
acl number 3100
rule 0 deny ip source 172.16.3.0 0.0.0.255 destination 192.168.0.0 0.0.0.255
rule 10 permit ip source 172.16.3.0 0.0.0.255
#
interface Aux0
async mode flow
#
interface Dialer1
link-protocol ppp
ppp pap local-user 寬帶賬號 password simple 寬帶密碼
mtu 1492
tcp mss 1024
ip address ppp-negotiate
dialer user mypppoe
dialer user 1
dialer-group 1
dialer bundle 1
nat outbound 3100
ipsec policy
#
interface Ethernet0/0
ip address 172.16.3.254 255.255.255.0
#
interface Ethernet0/1
#
interface Ethernet0/2
#
interface Ethernet0/3
#
interface Ethernet0/4
pppoe-client dial-bundle-number 1
#
interface Encrypt1/0
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/0
add interface Ethernet0/1
add interface Ethernet0/2
add interface Ethernet0/3
set priority 85
#
firewall zone untrust
add interface Ethernet0/4
add interface Dialer1
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
FTP server enable
#
ip route-static 0.0.0.0 0.0.0.0 Dialer 1 preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
我的H3C F100-C,配置ADSL后,一直不能聯(lián)網(wǎng),請各位高手給看看
DIS INTER DIALER后的結果如下
Dialer1 current state :DOWN
Line protocol current state :DOWN
Description : Dialer1 Interface
The Maximum Transmit Unit is 1492, Hold timer is 10(sec)
Internet protocol processing : disabled
Link layer protocol is PPP
LCP initial
Physical is Dialer, baudrate: 100000000 bps
Output queue : (Urgent queuing : Size/Length/Discards) 0/50/0
Output queue : (Protocol queuing : Size/Length/Discards) 0/500/0
Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0
Last 300 seconds input: 0 bytes/sec 0 packets/sec
Last 300 seconds output: 0 bytes/sec 0 packets/sec
0 packets input, 0 bytes, 0 drops
0 packets output, 0 bytes, 0 drops
看了“h3c防火墻如何設置adsl ”文章的還看了: